Priya Kanduri, CTO and Vice President, Cyber Security Services, Happiest Minds Technologies, shares with us her perspective on some of the emerging threat vectors, protecting multi-cloud environments and a big remote workforce.
Some edited excerpts:
What are some of the emerging threat vectors that enterprises need to be careful about?
Ransomware tops the list. While ransomware attacks are not new threat vectors to organizations, the cause for concern is how sophisticated they have become and the fact that the cost of recovery has doubled in the last couple of years. Many organizations' endpoint security strategies are still very vulnerable to ransomware attacks and the new threat vector that has been introduced, viz. ransomware-as-a-service.
Phishing and social engineering attacks continue to pose a significant threat to organizations as they expose the weakest link in an organization's cyber defense, i.e. human psychology. Vishing, scareware, spear phishing or whaling attacks & DNS spoofing are the emerging threat variants to watch out for in 2022.
Cloud vulnerabilities have increased significantly since the pandemic. Cloud data breaches, denial of service attacks, cloud misconfigurations and insecure APIs cause significant risk to cloud environments.
IoT weaknesses – A pattern introduced by the pandemic is the increased usage and deployment of IoT devices, which increased the access points that are being exploited to break into corporate networks. Unsecured access to financial information, unencrypted data storage, IoT botnets and weak authentication mechanisms are the new threats introduced by these IoT devices.
Identity spoofing, i.e. malicious actors trying to create false online identities and privileged access credentials to cause a potential data breach or financial loss, is another threat vector prominently faced by financial & educational institutions in 2022.
What are some of the best practices you recommend to protect a remote workforce?
Advanced anti-phishing measures that are contextualized for an organization's structure, operations, supply chain and business model are of paramount importance to protect enterprises from threats introduced by remote working staff. These should also be clubbed with robust employee training, awareness & regular phishing drills.
Adoption of zero trust architecture models keeps enterprise assets & data secure by enabling safe and quick authentication of remote 3rd party users. Zero trust also enables automated data and system access controls that validate every stage of digital access from remote workforces.
Automation for faster and more accurate threat detection & response that increases the capabilities of incident response teams through automated data collection, investigation, threat prevention & remediation.
AI & ML based threat defense mechanisms such as self-healing endpoint security tools, behavior-based threat detection tools and risk-based automated security patching techniques help quickly identify and remediate potential breach attempts.
Breach and attack simulation such as WFH security validation, ransomware defense readiness, continuous testing and validation of security controls, testing cyber security posture against external threats and specialized assessments to highlight the risk to high-value assets.
More rigorous risk assessments – not just to clear compliance audits but to achieve comprehensive security measures. Customizing & refreshing existing risk assessment frameworks and BCP / DR plans to address the threats and challenges presented by emerging threat vectors of 2022. It's also critical to keep checking BCP / DR status and conduct drills.
Request you to share your views on protecting multi-cloud environments. What are some of the best practices you recommend?
It is not an easy task to fully secure a cloud environment; a hybrid cloud environment adds more complexities into the mix. To defend hybrid cloud environments, organizations need to build more robust cloud security strategies that implement:
· Least privilege access principles through zero trust models
· Controls for continuous monitoring & visibility of cloud security posture
· Secure and automated data backups (AI driven techniques effectively help recover from ransomware attacks)
· Regular audits, configuration verifications & infrastructure vulnerability scans
DNS attacks have gone up significantly. How can DNS be leveraged to improve threat resolution?
DNS is the first level network security control and is often exploited by external bad forces to identify what's on the network. It is the key aspect of threat investigation but is also the most common organizational defense exploited through phishing attacks. DNS can be effectively leveraged to resolve threats by quickly detecting and blocking them. Organizations should employ effective DNS security strategies & DNS firewalls to implement multiple layers of cyber defenses, content filtering, botnet protection & DDoS protection.
How can AI play a vital role in improving the security posture? What are some of the possible use cases?
AI & ML based threat defense mechanisms play a vital role in improving an organization’s security posture by quickly detecting & preventing cyberattacks. Some of the recent most effective use cases are
· Transaction fraud detection using AI/ML to identify illegitimate account holder behaviors
· Contextual authentication & authorization solutions to prevent account takeovers
· AI based EDR tools that prevent ransomware attacks
· Risk-based approach to patch management with automated scaling
· Identity proofing to prevent spoofing attacks
· User behavior analytics to prevent advanced phishing & social engineering attacks
Best practices recommended to improve ROI from existing security investments
There is no revenue and thereby no direct ROI from cyber security investments. However, deriving robust defenses and ensuring a continuous security posture from existing security investments is necessary to establish and improve ROI. Mentioned below are a few best practices:
· Identifying critical assets and focusing and fine-tuning security measures & investments around those
· Making automation a priority to reduce costs and improve the efficiency and accuracy of threat detection and threat prevention & reduce false positives
· The right security tools to bridge the skill gap and thereby do more with less
· Reducing the impact on the organization's financial posture by directly mapping security investments to data loss prevention and associated breach costs, regulatory non-compliance & associated fines